time: do not panic on Interval::poll_tick if the sum of the timeout and period overflow

[jxs]

Motivation

when calling tokio::time::interval(Duration::MAX) runtime panics with:

overflow when adding duration to instant

see reproduction here. Panic happens when adding timeout to to the delay deadline.

Solution

This PR addresses the panic by calling Instant::checked_add falling back to Instant::far_future() when it overflows. If needed I can add a test for it and update the documentation mentioning this behaviour.

Thanks!

[Darksonn]

Thanks. Can you add a test to tests/time_interval.rs? Otherwise this looks good to me.

[b3t33]

Using Instant::far_future() seems like a reasonable fallback while saturating_add is not available. Alternatively, a good approximation for saturating_add could be the following:

fn saturating_add(lhs: Instant, rhs: Duration) -> Instant {
    if let Some(out) = lhs.checked_add(rhs) {
        out
    } else {
        saturate(lhs)
    }
}

#[cold]
fn saturate(mut instant: Instant) -> Instant {
    let mut secs = 1_u64 << 63;
    while secs > 0 {
        if let Some(incr) = instant.checked_add(Duration::from_secs(secs)) {
            instant = incr;
        }
        secs >>= 1;
    }
    let mut nanos = 1_u64 << 30;
    while nanos > 0 {
        if let Some(incr) = instant.checked_add(Duration::from_nanos(nanos)) {
            instant = incr;
        }
        nanos >>= 1;
    }
    instant
}

see #https://github.com/b3t33/tokio/commit/2e9743b74d097c14ec3223f909d12daa12f8532a for a possible integration into src/time/instant.rs.

[Darksonn]

Instant::far_future() is sufficient.

[wathenjiang]

Is it a good idea to add some explanation about this overflow behavior on the tokio:: time:: interval.

[Darksonn]

I don't think it's necessary, but it also doesn't hurt to mention that.

[jxs]

thanks Alice, added a test

[paolobarbolini]

Drive-by review: this may make sense as unwrap_or_else 🤔

[jxs]

Thanks Paolo, updated!

[Darksonn]

I've verified that the test does fail without this change. Thanks!

[Darksonn]

It seems there is a clippy failure.

error: redundant closure
   --> tokio/src/time/interval.rs:485:33
    |
485 |                 .unwrap_or_else(|| Instant::far_future())
    |                                 ^^^^^^^^^^^^^^^^^^^^^^^^ help: replace the closure with the function itself: `Instant::far_future`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#redundant_closure
    = note: `-D clippy::redundant-closure` implied by `-D warnings`
    = help: to override `-D warnings` add `#[allow(clippy::redundant_closure)]`

[jxs]

Stress test is failing, but seems unrelated

[Darksonn]

Yes, see the CI issue above.